<br><font size=2 face="sans-serif">List,</font>
<br>
<br><font size=2 face="sans-serif">I was finished with successful FreeRadius
2 with EAP configuration and MSCHAP2. Everything OK, but when the Access-Accept
package are sent back to client, we missing some attributes mapped from
LDAP user account.</font>
<br>
<br><font size=2 face="sans-serif">I need to sent attribute Expiration
and Simultaneous-Use to client. How can I get this? This is a wrong configuration
made by me, or a limitation of the EAP protocol?</font>
<br>
<br><font size=2 face="sans-serif">Another symptom is the radhwo does not
list the autenticated user from EAP, just from cisco client.</font>
<br>
<br><font size=2 face="sans-serif">This is part of log:</font>
<br>
<br><font size=2 face="sans-serif">rlm_ldap: LDAP attribute radiusExpiration
as RADIUS attribute Expiration == "May 28 2009 00:00:00 BRT"</font>
<br><font size=2 face="sans-serif">rlm_ldap: LDAP attribute sambaAcctFlags
as RADIUS attribute SMB-Account-CTRL-TEXT == "[XU]"</font>
<br><font size=2 face="sans-serif">rlm_ldap: LDAP attribute sambaNtPassword
as RADIUS attribute NT-Password == 0x3335333030343442414443453434394536443045324434453445313530423444</font>
<br><font size=2 face="sans-serif">rlm_ldap: LDAP attribute sambaLmPassword
as RADIUS attribute LM-Password == 0x4133344533324230433035303233374641414433423433354235313430344545</font>
<br><font size=2 face="sans-serif">rlm_ldap: LDAP attribute radiusSimultaneousUse
as RADIUS attribute Simultaneous-Use == 1</font>
<br><font size=2 face="sans-serif">++[ldap-eap] returns ok</font>
<br><font size=2 face="sans-serif"> rad_check_password: Found
Auth-Type EAP</font>
<br><font size=2 face="sans-serif">auth: type "EAP"</font>
<br><font size=2 face="sans-serif">+- entering group authenticate</font>
<br><font size=2 face="sans-serif"> rlm_eap: Request found, released
from the list</font>
<br><font size=2 face="sans-serif"> rlm_eap: EAP/peap</font>
<br><font size=2 face="sans-serif"> rlm_eap: processing type peap</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Authenticate</font>
<br><font size=2 face="sans-serif"> rlm_eap_tls: processing TLS</font>
<br><font size=2 face="sans-serif"> eaptls_verify returned 7</font>
<br><font size=2 face="sans-serif"> rlm_eap_tls: Done initial handshake</font>
<br><font size=2 face="sans-serif"> eaptls_process returned 7</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: EAPTLS_OK</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Session established.
Decoding tunneled attributes.</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Received EAP-TLV
response.</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Success</font>
<br><font size=2 face="sans-serif"> Using saved attributes from the
original Access-Accept</font>
<br><font size=2 face="sans-serif"> rlm_eap: Freeing handler</font>
<br><font size=2 face="sans-serif">++[eap] returns ok</font>
<br><font size=2 face="sans-serif">+- entering group session</font>
<br><font size=2 face="sans-serif"> expand:
/var/log/radius/radutmp -> /var/log/radius/radutmp</font>
<br><font size=2 face="sans-serif"> expand:
%{User-Name} -> bhsouza</font>
<br><font size=2 face="sans-serif">++[radutmp] returns ok</font>
<br><font size=2 face="sans-serif">Login OK: [dbht] (from client davi port
36 cli 0019d27646d4)</font>
<br><font size=2 face="sans-serif">} # server test-eap</font>
<br><font size=2 face="sans-serif">Sending Access-Accept of id 0 to 192.168.231.254
port 3074</font>
<br><font size=2 face="sans-serif"> Idle-Timeout
= 1800</font>
<br><font size=2 face="sans-serif"> User-Name
= "dbht"</font>
<br><font size=2 face="sans-serif"> MS-MPPE-Recv-Key
= 0x8ddec5a7f80e852a6a74a4519becba99244be80b9f78e0a9ea0a8386ff1270c5</font>
<br><font size=2 face="sans-serif"> MS-MPPE-Send-Key
= 0x42a07c62a4820564cae4a28c13bdc13d2f6e7a924b2bf794b21ef27520de7510</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x03080004</font>
<br><font size=2 face="sans-serif"> Message-Authenticator
= 0x00000000000000000000000000000000</font>
<br><font size=2 face="sans-serif">Finished request 8.</font>
<br>
<br><font size=2 face="sans-serif">May anyone help me?</font>
<br>
<br><font size=2 face="sans-serif">Regards,</font>
<br>
<br><font size=2 face="sans-serif">Davi.</font>
<br>
<br><font size=2 face="sans-serif">Davi Baldin<br>
JVS do Brasil - IBM BP Premier<br>
davi@jvsinfo.com.br<br>
(19) 3211-1266<br>
(19) 9266-6793 (JVS)<br>
(19) 9615-6681</font>